[{"data":1,"prerenderedAt":766},["ShallowReactive",2],{"blog-en-cncf-graduated-projects-2025-overview":3,"blog-en-cncf-graduated-projects-2025-overview-alt":757},{"id":4,"title":5,"author":6,"body":7,"date":752,"description":753,"extension":754,"image":708,"locale":755,"meta":756,"navigation":757,"path":758,"seo":759,"stem":760,"tags":761,"__hash__":765},"blog\u002Fblog\u002Fen\u002Fcncf-graduated-projects-2025-overview.md","CNCF Graduated Projects 2025: Production-Ready Open Source You Can Trust","Kubo Team",{"type":8,"value":9,"toc":707},"minimark",[10,33,38,47,81,90,98,102,107,115,119,133,137,145,149,163,167,175,179,187,193,197,201,214,218,226,230,238,242,250,256,260,264,272,276,284,288,296,300,308,312,320,324,328,336,340,348,352,360,364,372,376,390,394,407,411,415,429,433,447,451,459,463,471,475,483,487,529,533,539,629,638,645,649,652,685,695],[11,12,13,14,18,19,26,27,32],"p",{},"When adopting cloud-native technologies, one of the most critical questions is \"which open source projects can be trusted in production?\" The ",[15,16,17],"strong",{},"Graduated"," status from ",[20,21,25],"a",{"href":22,"rel":23},"https:\u002F\u002Fwww.cncf.io\u002F",[24],"nofollow","CNCF (Cloud Native Computing Foundation)"," is the highest level of certification, proving that a project is mature and has extensive production adoption. ",[20,28,31],{"href":29,"rel":30},"https:\u002F\u002Fkubo.hexabase.io\u002F",[24],"Kubo",", as a K3s-based Kubernetes platform, has strong affinity with these CNCF Graduated projects. This article provides a comprehensive category-by-category guide to all Graduated projects as of 2025.",[34,35,37],"h2",{"id":36},"what-cncf-graduated-means-a-seal-of-trust","What CNCF Graduated Means: A Seal of Trust",[11,39,40,41,46],{},"To achieve ",[20,42,45],{"href":43,"rel":44},"https:\u002F\u002Fwww.cncf.io\u002Fprojects\u002F",[24],"Graduated status from CNCF",", projects must meet rigorous criteria:",[48,49,50,57,63,69,75],"ul",{},[51,52,53,56],"li",{},[15,54,55],{},"Broad Production Adoption",": Proven usage in production at multiple organizations",[51,58,59,62],{},[15,60,61],{},"Healthy Community",": Diverse contributors and active development",[51,64,65,68],{},[15,66,67],{},"Security Audit",": Completion of third-party security audits",[51,70,71,74],{},[15,72,73],{},"Governance",": Clear project governance and decision-making processes",[51,76,77,80],{},[15,78,79],{},"Mature Documentation",": Comprehensive documentation and user guides",[11,82,83,84,89],{},"According to the ",[20,85,88],{"href":86,"rel":87},"https:\u002F\u002Fwww.cncf.io\u002Freports\u002Fcncf-annual-report-2025\u002F",[24],"CNCF Annual Report 2025",", CNCF hosts over 230 projects with more than 300,000 contributors. Graduated projects represent the elite tier.",[11,91,92,97],{},[20,93,96],{"href":94,"rel":95},"https:\u002F\u002Fwww.hexabase.com\u002Fproduct\u002Fcaptain-ai\u002F",[24],"Captain.AI"," leverages these CNCF Graduated projects to provide AI-powered assistance for building and operating Kubernetes environments.",[34,99,101],{"id":100},"orchestration-and-runtime","Orchestration and Runtime",[103,104,106],"h3",{"id":105},"kubernetes-the-container-orchestration-standard","Kubernetes -- The Container Orchestration Standard",[11,108,109,114],{},[20,110,113],{"href":111,"rel":112},"https:\u002F\u002Fkubernetes.io\u002F",[24],"Kubernetes"," was CNCF's first Graduated project and is the de facto standard for container orchestration. It automates the deployment, scaling, and management of containerized applications.",[103,116,118],{"id":117},"containerd-cri-o-container-runtimes","containerd \u002F CRI-O -- Container Runtimes",[11,120,121,126,127,132],{},[20,122,125],{"href":123,"rel":124},"https:\u002F\u002Fcontainerd.io\u002F",[24],"containerd"," and ",[20,128,131],{"href":129,"rel":130},"https:\u002F\u002Fcri-o.io\u002F",[24],"CRI-O"," are lightweight container runtimes for Kubernetes. As CRI (Container Runtime Interface)-compliant runtimes independent of the Docker daemon, they are widely adopted in production.",[103,134,136],{"id":135},"crossplane-infrastructure-orchestration","Crossplane -- Infrastructure Orchestration",[11,138,139,144],{},[20,140,143],{"href":141,"rel":142},"https:\u002F\u002Fwww.crossplane.io\u002F",[24],"Crossplane"," achieved Graduated status in 2025, enabling declarative management of cloud infrastructure through the Kubernetes API. AWS, GCP, and Azure resources can be managed uniformly as Kubernetes manifests.",[103,146,148],{"id":147},"knative-serverless","Knative -- Serverless",[11,150,151,156,157,162],{},[20,152,155],{"href":153,"rel":154},"https:\u002F\u002Fknative.dev\u002F",[24],"Knative"," achieved Graduated status in October 2025. According to the ",[20,158,161],{"href":159,"rel":160},"https:\u002F\u002Fwww.cncf.io\u002Fannouncements\u002F2025\u002F10\u002F08\u002Fcloud-native-computing-foundation-announces-knatives-graduation\u002F",[24],"CNCF announcement",", it provides an event-driven application layer on Kubernetes with native support for auto-scaling and scale-to-zero.",[103,164,166],{"id":165},"keda-event-driven-autoscaling","KEDA -- Event-Driven Autoscaling",[11,168,169,174],{},[20,170,173],{"href":171,"rel":172},"https:\u002F\u002Fkeda.sh\u002F",[24],"KEDA"," is an event-driven autoscaler that scales Kubernetes workloads based on external event sources such as Kafka, RabbitMQ, and Azure Queue.",[103,176,178],{"id":177},"kubeedge-edge-computing","KubeEdge -- Edge Computing",[11,180,181,186],{},[20,182,185],{"href":183,"rel":184},"https:\u002F\u002Fkubeedge.io\u002F",[24],"KubeEdge"," extends Kubernetes to edge devices, enabling unified management across cloud and edge environments.",[11,188,189,192],{},[20,190,31],{"href":29,"rel":191},[24]," benefits from these orchestration technologies as a lightweight K3s-based Kubernetes platform spanning edge to cloud.",[34,194,196],{"id":195},"observability","Observability",[103,198,200],{"id":199},"prometheus-the-metrics-collection-standard","Prometheus -- The Metrics Collection Standard",[11,202,203,208,209,213],{},[20,204,207],{"href":205,"rel":206},"https:\u002F\u002Fprometheus.io\u002F",[24],"Prometheus"," is the foundation of Kubernetes monitoring with its pull-based metrics collection and PromQL query language. See our ",[20,210,212],{"href":29,"rel":211},[24],"Prometheus monitoring guide"," on this blog for details.",[103,215,217],{"id":216},"opentelemetry-unified-observability","OpenTelemetry -- Unified Observability",[11,219,220,225],{},[20,221,224],{"href":222,"rel":223},"https:\u002F\u002Fopentelemetry.io\u002F",[24],"OpenTelemetry"," is a vendor-neutral framework that unifies traces, metrics, and logs. Supported by over 90 observability vendors, it has established itself as the industry standard.",[103,227,229],{"id":228},"jaeger-distributed-tracing","Jaeger -- Distributed Tracing",[11,231,232,237],{},[20,233,236],{"href":234,"rel":235},"https:\u002F\u002Fwww.jaegertracing.io\u002F",[24],"Jaeger"," is a distributed tracing backend for microservice environments. It visualizes the complete picture of requests and helps identify performance bottlenecks.",[103,239,241],{"id":240},"fluentd-log-collection","Fluentd -- Log Collection",[11,243,244,249],{},[20,245,248],{"href":246,"rel":247},"https:\u002F\u002Fwww.fluentd.org\u002F",[24],"Fluentd"," is an open-source data collector providing a unified logging layer. With over 500 plugins, it supports diverse data sources and destinations.",[11,251,252,255],{},[20,253,96],{"href":94,"rel":254},[24]," integrates and analyzes data from these observability tools using AI, automating early incident detection and response.",[34,257,259],{"id":258},"networking-and-service-mesh","Networking and Service Mesh",[103,261,263],{"id":262},"cilium-ebpf-based-networking","Cilium -- eBPF-Based Networking",[11,265,266,271],{},[20,267,270],{"href":268,"rel":269},"https:\u002F\u002Fcilium.io\u002F",[24],"Cilium"," is a CNCF Graduated project that leverages eBPF technology to provide L3-L7 networking, security, and observability. It features performance beyond iptables and an identity-based security model.",[103,273,275],{"id":274},"envoy-service-proxy","Envoy -- Service Proxy",[11,277,278,283],{},[20,279,282],{"href":280,"rel":281},"https:\u002F\u002Fwww.envoyproxy.io\u002F",[24],"Envoy"," is a high-performance service proxy developed at Lyft. Used as the foundation for Istio and many service meshes, it provides L7 traffic management, load balancing, and observability.",[103,285,287],{"id":286},"coredns-service-discovery","CoreDNS -- Service Discovery",[11,289,290,295],{},[20,291,294],{"href":292,"rel":293},"https:\u002F\u002Fcoredns.io\u002F",[24],"CoreDNS"," is the default DNS server for Kubernetes. Its plugin-based architecture enables flexible customization of DNS-based service discovery.",[103,297,299],{"id":298},"istio-service-mesh","Istio -- Service Mesh",[11,301,302,307],{},[20,303,306],{"href":304,"rel":305},"https:\u002F\u002Fistio.io\u002F",[24],"Istio"," is a service mesh that manages communication between microservices. It transparently provides traffic management, security (mTLS), and observability.",[103,309,311],{"id":310},"linkerd-lightweight-service-mesh","Linkerd -- Lightweight Service Mesh",[11,313,314,319],{},[20,315,318],{"href":316,"rel":317},"https:\u002F\u002Flinkerd.io\u002F",[24],"Linkerd"," is a lightweight, simple service mesh for Kubernetes. It delivers mTLS, metrics, and retries with minimal configuration.",[34,321,323],{"id":322},"security-and-compliance","Security and Compliance",[103,325,327],{"id":326},"cert-manager-automated-tls-certificate-management","cert-manager -- Automated TLS Certificate Management",[11,329,330,335],{},[20,331,334],{"href":332,"rel":333},"https:\u002F\u002Fcert-manager.io\u002F",[24],"cert-manager"," automates TLS certificate issuance and renewal on Kubernetes. It supports multiple certificate authorities including Let's Encrypt and HashiCorp Vault.",[103,337,339],{"id":338},"falco-runtime-security","Falco -- Runtime Security",[11,341,342,347],{},[20,343,346],{"href":344,"rel":345},"https:\u002F\u002Ffalco.org\u002F",[24],"Falco"," is a cloud-native runtime security engine that monitors Linux kernel system calls and detects abnormal behavior at the container and host level in real time.",[103,349,351],{"id":350},"opa-open-policy-agent-policy-engine","OPA (Open Policy Agent) -- Policy Engine",[11,353,354,359],{},[20,355,358],{"href":356,"rel":357},"https:\u002F\u002Fwww.openpolicyagent.org\u002F",[24],"Open Policy Agent"," is a general-purpose policy engine for cloud-native environments. It handles Kubernetes admission control, API authorization, and data filtering.",[103,361,363],{"id":362},"kyverno-kubernetes-native-policy","Kyverno -- Kubernetes-Native Policy",[11,365,366,371],{},[20,367,370],{"href":368,"rel":369},"https:\u002F\u002Fkyverno.io\u002F",[24],"Kyverno"," is a Kubernetes-native policy engine. Policies are written in YAML without requiring the Rego language, offering an intuitive user experience.",[103,373,375],{"id":374},"spiffe-spire-workload-identity","SPIFFE \u002F SPIRE -- Workload Identity",[11,377,378,383,384,389],{},[20,379,382],{"href":380,"rel":381},"https:\u002F\u002Fspiffe.io\u002F",[24],"SPIFFE"," defines the workload identity standard, while ",[20,385,388],{"href":386,"rel":387},"https:\u002F\u002Fspiffe.io\u002Fspire\u002F",[24],"SPIRE"," is its implementation. Together they automate service-to-service authentication, providing the foundation for zero-trust security.",[103,391,393],{"id":392},"in-toto-tuf-software-supply-chain","in-toto \u002F TUF -- Software Supply Chain",[11,395,396,126,401,406],{},[20,397,400],{"href":398,"rel":399},"https:\u002F\u002Fin-toto.io\u002F",[24],"in-toto",[20,402,405],{"href":403,"rel":404},"https:\u002F\u002Ftheupdateframework.io\u002F",[24],"TUF (The Update Framework)"," are frameworks that guarantee software supply chain integrity, cryptographically verifying each stage from build to deployment.",[34,408,410],{"id":409},"storage-registry-and-ci-cd","Storage, Registry, and ci-cd",[103,412,414],{"id":413},"rook-cubefs-cloud-native-storage","Rook \u002F CubeFS -- Cloud-Native Storage",[11,416,417,422,423,428],{},[20,418,421],{"href":419,"rel":420},"https:\u002F\u002Frook.io\u002F",[24],"Rook"," is a storage orchestrator that automates Ceph management on Kubernetes. ",[20,424,427],{"href":425,"rel":426},"https:\u002F\u002Fcubefs.io\u002F",[24],"CubeFS"," is a large-scale distributed file system.",[103,430,432],{"id":431},"harbor-dragonfly-container-registry","Harbor \u002F Dragonfly -- Container Registry",[11,434,435,440,441,446],{},[20,436,439],{"href":437,"rel":438},"https:\u002F\u002Fgoharbor.io\u002F",[24],"Harbor"," is an enterprise container registry. ",[20,442,445],{"href":443,"rel":444},"https:\u002F\u002Fd7y.io\u002F",[24],"Dragonfly"," is a P2P-based container image distribution system.",[103,448,450],{"id":449},"argo-ci-cd-and-gitops","Argo -- ci-cd and GitOps",[11,452,453,458],{},[20,454,457],{"href":455,"rel":456},"https:\u002F\u002Fargoproj.github.io\u002F",[24],"Argo"," is a Kubernetes-native ci-cd toolset comprising Argo CD (GitOps), Argo Workflows (workflow engine), and Argo Rollouts (progressive delivery).",[103,460,462],{"id":461},"flux-gitops","Flux -- GitOps",[11,464,465,470],{},[20,466,469],{"href":467,"rel":468},"https:\u002F\u002Ffluxcd.io\u002F",[24],"Flux"," is a GitOps tool that automatically synchronizes Git repository state to clusters. It is one of the two major GitOps projects alongside Argo CD.",[103,472,474],{"id":473},"helm-package-manager","Helm -- Package Manager",[11,476,477,482],{},[20,478,481],{"href":479,"rel":480},"https:\u002F\u002Fhelm.sh\u002F",[24],"Helm"," is the package manager for Kubernetes applications. Using templates called Charts, it simplifies the distribution and deployment of complex applications.",[103,484,486],{"id":485},"additional-projects","Additional Projects",[48,488,489,497,505,513,521],{},[51,490,491,496],{},[20,492,495],{"href":493,"rel":494},"https:--dapr.io-",[24],"dapr"," -- distributed application runtime",[51,498,499,504],{},[20,500,503],{"href":501,"rel":502},"https:\u002F\u002Fcloudevents.io\u002F",[24],"CloudEvents"," -- Event data specification standard",[51,506,507,512],{},[20,508,511],{"href":509,"rel":510},"https:\u002F\u002Fetcd.io\u002F",[24],"etcd"," -- Distributed key-value store (Kubernetes' foundation)",[51,514,515,520],{},[20,516,519],{"href":517,"rel":518},"https:\u002F\u002Ftikv.org\u002F",[24],"TiKV"," -- Distributed transactional key-value store",[51,522,523,528],{},[20,524,527],{"href":525,"rel":526},"https:\u002F\u002Fvitess.io\u002F",[24],"Vitess"," -- MySQL scaling solution",[34,530,532],{"id":531},"kubo-and-the-cncf-ecosystem","Kubo and the CNCF Ecosystem",[11,534,535,538],{},[20,536,31],{"href":29,"rel":537},[24]," is a lightweight K3s-based Kubernetes platform with strong affinity for CNCF Graduated projects:",[540,541,542,555],"table",{},[543,544,545],"thead",{},[546,547,548,552],"tr",{},[549,550,551],"th",{},"Category",[549,553,554],{},"Kubo Usage",[556,557,558,569,579,589,599,609,619],"tbody",{},[546,559,560,566],{},[561,562,563],"td",{},[15,564,565],{},"Orchestration",[561,567,568],{},"K3s (Kubernetes-conformant) as the base",[546,570,571,576],{},[561,572,573],{},[15,574,575],{},"Monitoring",[561,577,578],{},"Prometheus + Grafana for standard monitoring",[546,580,581,586],{},[561,582,583],{},[15,584,585],{},"Networking",[561,587,588],{},"Cilium \u002F CoreDNS for high-performance networking",[546,590,591,596],{},[561,592,593],{},[15,594,595],{},"Security",[561,597,598],{},"cert-manager for automated TLS management",[546,600,601,606],{},[561,602,603],{},[15,604,605],{},"ci-cd",[561,607,608],{},"Argo CD \u002F Flux for GitOps deployments",[546,610,611,616],{},[561,612,613],{},[15,614,615],{},"Storage",[561,617,618],{},"Rook\u002FCeph for persistent storage",[546,620,621,626],{},[561,622,623],{},[15,624,625],{},"Registry",[561,627,628],{},"Harbor for private container registry",[11,630,631,632,637],{},"As the ",[20,633,636],{"href":634,"rel":635},"https:\u002F\u002Fwww.cncf.io\u002Fblog\u002F2026\u002F02\u002F09\u002Fwhat-cncf-project-velocity-in-2025-reveals-about-cloud-natives-future\u002F",[24],"CNCF project velocity report"," shows, the cloud-native ecosystem is growing at an accelerating pace. Kubo is a platform that maximizes the benefits of this ecosystem.",[11,639,640,641,644],{},"Combining ",[20,642,96],{"href":94,"rel":643},[24]," with Kubo creates an intelligent platform where AI assists in building and operating production environments that leverage CNCF Graduated projects.",[34,646,648],{"id":647},"conclusion","Conclusion",[11,650,651],{},"As of 2025, there are 36 CNCF Graduated projects covering every area of cloud-native technology:",[653,654,655,661,667,673,679],"ol",{},[51,656,657,660],{},[15,658,659],{},"Graduated status"," certifies broad production adoption, security audits, and mature governance",[51,662,663,666],{},[15,664,665],{},"Centered on Kubernetes",", the ecosystem covers orchestration, observability, networking, and security",[51,668,669,672],{},[15,670,671],{},"New 2025 graduates"," Crossplane and Knative strengthen IaC and serverless capabilities",[51,674,675,678],{},[15,676,677],{},"Cilium and OpenTelemetry"," demonstrate the maturation of innovative eBPF and observability projects",[51,680,681,684],{},[15,682,683],{},"The entire ecosystem"," works together organically to form a comprehensive cloud-native foundation",[11,686,687,690,691,694],{},[20,688,31],{"href":29,"rel":689},[24]," seamlessly integrates with these CNCF Graduated projects on a K3s base, delivering enterprise-grade cloud-native environments. If you are interested in leveraging the CNCF ecosystem, explore ",[20,692,31],{"href":29,"rel":693},[24],".",[11,696,697,698,701,702,694],{},"For AI-powered cloud-native operations automation, see ",[20,699,96],{"href":94,"rel":700},[24],". For consultations, reach out through our ",[20,703,706],{"href":704,"rel":705},"https:\u002F\u002Fwww.hexabase.com\u002Fcontact-us\u002F",[24],"contact page",{"title":708,"searchDepth":709,"depth":709,"links":710},"",2,[711,712,721,727,734,742,750,751],{"id":36,"depth":709,"text":37},{"id":100,"depth":709,"text":101,"children":713},[714,716,717,718,719,720],{"id":105,"depth":715,"text":106},3,{"id":117,"depth":715,"text":118},{"id":135,"depth":715,"text":136},{"id":147,"depth":715,"text":148},{"id":165,"depth":715,"text":166},{"id":177,"depth":715,"text":178},{"id":195,"depth":709,"text":196,"children":722},[723,724,725,726],{"id":199,"depth":715,"text":200},{"id":216,"depth":715,"text":217},{"id":228,"depth":715,"text":229},{"id":240,"depth":715,"text":241},{"id":258,"depth":709,"text":259,"children":728},[729,730,731,732,733],{"id":262,"depth":715,"text":263},{"id":274,"depth":715,"text":275},{"id":286,"depth":715,"text":287},{"id":298,"depth":715,"text":299},{"id":310,"depth":715,"text":311},{"id":322,"depth":709,"text":323,"children":735},[736,737,738,739,740,741],{"id":326,"depth":715,"text":327},{"id":338,"depth":715,"text":339},{"id":350,"depth":715,"text":351},{"id":362,"depth":715,"text":363},{"id":374,"depth":715,"text":375},{"id":392,"depth":715,"text":393},{"id":409,"depth":709,"text":410,"children":743},[744,745,746,747,748,749],{"id":413,"depth":715,"text":414},{"id":431,"depth":715,"text":432},{"id":449,"depth":715,"text":450},{"id":461,"depth":715,"text":462},{"id":473,"depth":715,"text":474},{"id":485,"depth":715,"text":486},{"id":531,"depth":709,"text":532},{"id":647,"depth":709,"text":648},"2026-05-27","A complete guide to all 36 CNCF Graduated projects. From Kubernetes and Prometheus to Cilium and Crossplane, explore production-proven OSS by category.","md","en",{},true,"\u002Fblog\u002Fen\u002Fcncf-graduated-projects-2025-overview",{"title":5,"description":753},"blog\u002Fen\u002Fcncf-graduated-projects-2025-overview",[762,17,763,764,113,207,270,224],"CNCF","Cloud Native","OSS","mThWSvroZcw3yYG3VugA83US0692gHt-SdE1r-595Lg",1779964618748]